
Grafana 8.x - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
#grafana #lfi
Description

Grafana 8.x - Local File Inclusion

What is the "Grafana 8.x - Local File Inclusion" module?

The "Grafana 8.x - Local File Inclusion" module is designed to detect a vulnerability in Grafana 8.x that allows for local file inclusion. Grafana is a popular open-source analytics and monitoring platform used for visualizing time-series data. This module focuses on identifying instances of local file inclusion in Grafana installations.

This vulnerability has a high severity level, indicating that it can potentially lead to unauthorized access to sensitive files and data.

This module was authored by z0ne, dhiyaneshDk, jeya.seelan, dwisiswant0, and j4vaovo.

Impact

Successful exploitation of the local file inclusion vulnerability in Grafana 8.x allows an attacker to read arbitrary files on the server. This can expose sensitive information such as configuration files, credentials, or other sensitive data stored on the server.

How does the module work?

The module works by sending HTTP requests to the target Grafana server and checking for specific conditions that indicate the presence of the local file inclusion vulnerability.

One example of an HTTP request sent by the module is:

GET /public/plugins/{%pluginSlug%}/../../../../../conf/defaults.ini

This request uses path traversal (the repeated "../" segments) to escape the plugin asset directory and read the "conf/defaults.ini" file in the Grafana installation directory.

The module then applies matching conditions to the response received from the server to determine if the vulnerability is present. The matching conditions include:

- Checking the response body for specific words, such as "socket = /tmp/grafana.sock" and "http_port".
- Verifying that the response status code is 200 (indicating a successful request).

If both matching conditions are met, the module reports the vulnerability.
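A defender-side complement to the module's check, as an added example that is not part of the Vidoc module or the original page: it scans web access logs for requests under /public/plugins/ whose path, after percent-decoding, resolves outside the plugin directory, and separates attempts that returned 200 (the same status signal the module keys on) from those that did not. The log lines and the plugin slug "alertlist" are constructed for the demo.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines for this demo (not taken from the original page).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:10:01:02 +0000] "GET /public/plugins/alertlist/module.js HTTP/1.1" 200 1420
10.0.0.9 - - [10/Dec/2021:10:01:07 +0000] "GET /public/plugins/alertlist/../../../../../conf/defaults.ini HTTP/1.1" 200 6803
10.0.0.9 - - [10/Dec/2021:10:01:09 +0000] "GET /public/plugins/alertlist/..%2f..%2f..%2f..%2f..%2fconf/defaults.ini HTTP/1.1" 200 6803
10.0.0.7 - - [10/Dec/2021:10:01:15 +0000] "GET /api/health HTTP/1.1" 200 50
10.0.0.9 - - [10/Dec/2021:10:02:31 +0000] "GET /public/plugins/alertlist/../../../../../conf/defaults.ini HTTP/1.1" 404 29
"""

# Common/combined log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_PREFIX = "/public/plugins/"


def decoded_path(target):
    """Drop the query string and percent-decode twice so encoded '..' and '/' become visible."""
    return unquote(unquote(urlsplit(target).path))


def is_plugin_traversal(target):
    """True when a /public/plugins/... request resolves outside the plugin asset directory."""
    path = decoded_path(target)
    if not path.startswith(PLUGIN_PREFIX):
        return False
    # normpath collapses '..' segments; a legitimate plugin asset stays under the prefix.
    return not normpath(path).startswith(PLUGIN_PREFIX)


def find_traversal_attempts(log_text):
    """Return (ip, resolved_path, status) for every traversal request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_plugin_traversal(m["target"]):
            hits.append((m["ip"], normpath(decoded_path(m["target"])), int(m["status"])))
    return hits


def successful_reads(log_text):
    """Traversal attempts answered with 200: the file was most likely served."""
    return [h for h in find_traversal_attempts(log_text) if h[2] == 200]
```

Attempts that returned 404 are still worth alerting on, since they show someone probing the instance even if the file was not served.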

For more information, you can refer to the Grafana blog post on this vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template: GET /public/plugins/{%pl...
Payloads: 1 payload list
Matching conditions: word: socket = /tmp/grafana.sock, http_port AND status: 200
Passive global matcher: no matching conditions.
On match action: Report vulnerability